IAPS 1012 176 INTERNATIONAL AUDITING PRACTICE STATEMENT 1012 AUDITING DERIVATIVE FINANCIAL INSTRUMENTS (This Statement is effective) CONTENTS Paragraph Introduction .................................................................................................... 1 Derivative Instruments and Activities ............................................................ 2–7 Responsibility of Management and Those Charged with Governance .......... 8–10 The Auditor’s Responsibility ......................................................................... 11–15 Knowledge of the Business ............................................................................ 16–20 Key Financial Risks ....................................................................................... 21 Assertions to Address .................................................................................... 22 Risk Assessment and Internal Control ........................................................... 23–65 Substantive Procedures .................................................................................. 66–76 Substantive Procedures Related to Assertions ............................................... 77–89 Additional Considerations About Hedging Activities ................................... 90–91 Management Representations ........................................................................ 92–93 Communications with Management and Those Charged with Governance ............................................................................................. 94 Glossary of Terms International Auditing Practice Statement (IAPS) 1012, “Auditing Derivative Financial Instruments” should be read in the context of the “Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services,” which sets out the application and authority of IAPSs. The International Auditing Practices Committee approved this International Auditing Practice Statement for publication in March 2001.
1. IAPS 1012 176 INTERNATIONAL AUDITING PRACTICE STATEMENT 1012
AUDITING DERIVATIVE FINANCIAL INSTRUMENTS (This Statement is
effective) CONTENTS Paragraph Introduction
....................................................................................................
1 Derivative Instruments and Activities
............................................................ 27
Responsibility of Management and Those Charged with Governance
.......... 810 The Auditors Responsibility
.........................................................................
1115 Knowledge of the Business
............................................................................
1620 Key Financial Risks
.......................................................................................
21 Assertions to Address
....................................................................................
22 Risk Assessment and Internal Control
........................................................... 2365
Substantive Procedures
..................................................................................
6676 Substantive Procedures Related to Assertions
............................................... 7789 Additional
Considerations About Hedging Activities
................................... 9091 Management Representations
........................................................................
9293 Communications with Management and Those Charged with
Governance
.............................................................................................
94 Glossary of Terms International Auditing Practice Statement
(IAPS) 1012, Auditing Derivative Financial Instruments should be
read in the context of the Preface to the International Standards
on Quality Control, Auditing, Review, Other Assurance and Related
Services, which sets out the application and authority of IAPSs.
The International Auditing Practices Committee approved this
International Auditing Practice Statement for publication in March
2001.
2. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012177
AUDITING Introduction 1. The purpose of this International Auditing
Practice Statement (IAPS) is to provide guidance to the auditor in
planning and performing auditing procedures for financial statement
assertions related to derivative financial instruments. This IAPS
focuses on auditing derivatives held by end users, including banks
and other financial sector entities when they are the end users. An
end user is an entity that enters into a financial transaction,
through either an organized exchange or a broker, for the purpose
of hedging, asset/liability management or speculating. End users
consist primarily of corporations, government entities,
institutional investors and financial institutions. An end users
derivative activities often are related to the entitys production
or use of a commodity. The accounting systems and internal control
issues associated with issuing or trading derivatives may be
different from those associated with using derivatives. IAPS 1006,
Audits of the Financial Statements of Banks provides guidance on
the audits of banks and other financial-sector entities, and
includes guidance on auditing international commercial banks
issuing or trading derivatives. Derivative Instruments and
Activities 2. Derivative financial instruments are becoming more
complex, their use is becoming more commonplace and the accounting
requirements to provide fair value and other information about them
in financial statement presentations and disclosures are expanding.
Values of derivatives may be volatile. Large and sudden decreases
in their value may increase the risk that a loss to an entity using
derivatives may exceed the amount, if any, recorded on the balance
sheet. Furthermore, because of the complexity of derivative
activities, management may not fully understand the risks of using
derivatives. 3. For many entities, the use of derivatives has
reduced exposures to changes in exchange rates, interest rates and
commodity prices, as well as other risks. On the other hand, the
inherent characteristics of derivative activities and derivative
financial instruments also may result in increased business risk in
some entities, in turn increasing audit risk and presenting new
challenges to the auditor. 4. Derivatives is a generic term used to
categorize a wide variety of financial instruments whose value
depends on or is derived from an underlying rate or price, such as
interest rates, exchange rates, equity prices, or commodity prices.
Derivative contracts can be linear or non-linear. They are
contracts that either involve obligatory cash flows at a future
date (linear) or have option features where one party has the right
but not the obligation to demand that another party deliver the
underlying item to it (non-linear). Some national financial
reporting frameworks, and the International Accounting Standards
contain definitions of derivatives. For example, International
Accounting
3. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 178
Standard (IAS) 39, Financial Instruments: Recognition and
Measurement defines a derivative as a financial instrument: Whose
value changes in response to the change in a specified interest
rate, security price, commodity price, foreign exchange rate, index
of prices or rates, a credit rating or credit index, or similar
variable (sometimes called the underlying); That requires no
initial net investment or little initial net investment relative to
other types of contracts that have a similar response to changes in
market conditions; and That is settled at a future date. In
addition, different national financial reporting frameworks and the
International Accounting Standards provide for different accounting
treatments of derivative financial instruments. 5. The most common
linear contracts are forward contracts (for example, foreign
exchange contracts and forward rate agreements), futures contracts
(for example, a futures contract to purchase a commodity such as
oil or power) and swaps. The most common non-linear contracts are
options, caps, floors and swaptions. Derivatives that are more
complex may have a combination of the characteristics of each
category. 6. Derivative activities range from those whose primary
objective is to: Manage current or anticipated risks relating to
operations and financial position; or Take open or speculative
positions to benefit from anticipated market movements. Some
entities may be involved in derivatives not only from a corporate
treasury perspective but also, or alternatively, in association
with the production or use of a commodity. 7. While all financial
instruments have certain risks, derivatives often possess
particular features that leverage the risks, such as: Little or no
cash outflows/inflows are required until maturity of the
transactions; No principal balance or other fixed amount is paid or
received; Potential risks and rewards can be substantially greater
than the current outlays; and The value of an entitys asset or
liability may exceed the amount, if any, of the derivative that is
recognized in the financial statements, especially in entities
whose financial reporting frameworks do not require derivatives to
be recorded at fair market value in the financial statements.
4. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012179
AUDITING Responsibilities of Management and Those Charged with
Governance 8. ISA 200, Objective and General Principles Governing
an Audit of Financial Statements states that the entitys management
is responsible for preparing and presenting financial statements.
As part of the process of preparing those financial statements,
management makes specific assertions related to derivatives. Those
assertions include (where the financial reporting framework
requires) that all derivatives recorded in the financial statements
exist, that there are no unrecorded derivatives at the balance
sheet date, that the derivatives recorded in the financial
statements are properly valued, and presented, and that all
relevant disclosures are made in the financial statements. 9. Those
charged with governance of an entity, through oversight of
management, are responsible for: The design and implementation of a
system of internal control to: Monitor risk and financial control;
Provide reasonable assurance that the entitys use of derivatives is
within its risk management policies; and Ensure that the entity is
in compliance with applicable laws and regulations; and The
integrity of the entitys accounting and financial reporting systems
to ensure the reliability of managements financial reporting of
derivative activities. 10. The audit of the financial statements
does not relieve management or those charged with governance of
their responsibilities. The Auditors Responsibility 11. ISA 200
states that the objective of the audit is to enable the auditor to
express an opinion on whether the financial statements are prepared
in all material respects, in accordance with the applicable
financial reporting framework. The auditors responsibility related
to derivative financial instruments, in the context of the audit of
the financial statements taken as a whole, is to consider whether
managements assertions related to derivatives result in financial
statements prepared in all material respects in accordance with the
applicable financial reporting framework. 12. The auditor
establishes an understanding with the entity that the purpose of
the audit work is to be able to express an opinion on the financial
statements. The purpose of an audit of financial statements is not
to provide assurance on the adequacy of the entitys risk management
related to derivative activities, or the controls over those
activities. To avoid any
5. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 180
misunderstanding the auditor may discuss with management the nature
and extent of the audit work related to derivative activities. ISA
210, Terms of Audit Engagements provides guidance on agreeing upon
the terms of the engagement with an entity. The Need for Special
Skill and Knowledge 13. ISA 200 requires that the auditor comply
with the Code of Ethics for Professional Accountants (the Code)
issued by the International Federation of Accountants. Among other
things, the Code requires that the professional accountant perform
professional services with competence and diligence. The Code
further requires that the auditor maintain sufficient professional
knowledge and skill to fulfill responsibilities with due care. 14.
To comply with the requirements of ISA 200, the auditor may need
special skills or knowledge to plan and perform auditing procedures
for certain assertions about derivatives. Special skills and
knowledge include obtaining an understanding of: The operating
characteristics and risk profile of the industry in which an entity
operates; The derivative financial instruments used by the entity,
and their characteristics; The entitys information system for
derivatives, including services provided by a service organization.
This may require the auditor to have special skills or knowledge
about computer applications when significant information about
those derivatives is transmitted, processed, maintained or accessed
electronically; The methods of valuation of the derivative, for
example, whether fair value is determined by quoted market price,
or a pricing model; and The requirements of the financial reporting
framework for financial statement assertions related to
derivatives. Derivatives may have complex features that require the
auditor to have special knowledge to evaluate their measurement,
recognition and disclosure in conformity with the financial
reporting framework. For example, features embedded in contracts or
agreements may require separate accounting, and complex pricing
structures may increase the complexity of the assumptions used in
measuring the instrument at fair value. In addition, the
requirements of the financial reporting framework may vary
depending on the type of derivative, the nature of the transaction,
and the type of entity. 15. Members of the engagement team may have
the necessary skill and knowledge to plan and perform auditing
procedures related to derivatives transactions. Alternatively, the
auditor may decide to seek the assistance of
6. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012181
AUDITING an expert outside the firm, with the necessary skills or
knowledge to plan and perform the auditing procedures, especially
when the derivatives are very complex, or when simple derivatives
are used in complex situations, the entity is engaged in active
trading of derivatives, or the valuation of the derivatives are
based on complex pricing models. ISA 220, Quality Control for
Audits of Historical Financial Information1 provides guidance on
the supervision of individuals who serve as members of the
engagement team and assist the auditor in planning and performing
auditing procedures. ISA 620, Using the Work of an Expert provides
guidance on the use of an experts work as audit evidence. Knowledge
of the Business 16. ISA 310, Knowledge of the Business2 requires
the auditor, in performing an audit of financial statements, to
have or obtain a knowledge of the business sufficient to enable the
auditor to identify and understand the events, transactions and
practices that, in the auditors judgment, may have a significant
effect on the financial statements, the examination or the audit
report. For example, the auditor uses such knowledge to assess
inherent and control risks and to determine the nature, timing and
extent of audit procedures. 17. Because derivative activities
generally support the entitys business activities, factors
affecting its day-to-day operations also will have implications for
its derivative activities. For example, because of the economic
conditions that affect the price of an entitys primary raw
materials, an entity may enter into a futures contract to hedge the
cost of its inventory. Similarly, derivative activities can have a
major effect on the entitys operations and viability. General
Economic Factors 18. General economic factors are likely to have an
influence on the nature and extent of an entitys derivative
activities. For example, when interest rates appear likely to rise,
an entity may try to fix the effective level of interest rates on
its floating rate borrowings through the use of interest rate
swaps, forward rate agreements and caps. General economic factors
that may be relevant include: The general level of economic
activity; Interest rates, including the term structure of interest
rates, and availability of financing; Inflation and currency
revaluation; 1 ISA 220, Quality Control for Audit Work was
withdrawn in June 2005 when ISA 220, Quality Control for Audits of
Historical Financial Information became effective. 2 ISA 310,
Knowledge of the Business was withdrawn in December 2004 when ISA
315, Understanding the Entity and Its Environment and Assessing the
Risks of Material Misstatement became effective.
7. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 182
Foreign currency rates and controls; and The characteristics of the
markets that are relevant to the derivatives used by the entity,
including the liquidity or volatility of those markets. The
Industry 19. Economic conditions in the entitys industry also are
likely to influence the entitys derivative activities. If the
industry is seasonal or cyclical, it may be inherently more
difficult to accurately forecast interest rate, foreign exchange or
liquidity exposures. A high growth rate or sharp rate of decline in
an entitys business also may make it difficult to predict activity
levels in general and, thus, its level of derivative activity.
Economic conditions in a particular industry that may be relevant
include: The price risk in the industry; The market and
competition; Cyclical or seasonal activity; Declining or expanding
operations; Adverse conditions (for example, declining demand,
excess capacity, serious price competition); and Foreign currency
transactions, translation or economic exposure. The Entity 20. To
obtain a sufficient understanding of an entitys derivative
activities, to be able to identify and understand the events,
transactions and practices that, in the auditors judgment, may have
a significant effect on the financial statements or on the
examination or auditors report, the auditor considers: Knowledge
and experience of management and those charged with governance.
Derivative activities can be complicated and often, only a few
individuals within an entity fully understand these activities. In
entities that engage in few derivative activities, management may
lack experience with even relatively simple derivative
transactions. Furthermore, the complexity of various contracts or
agreements makes it possible for an entity to inadvertently enter
into a derivative transaction. Significant use of derivatives,
particularly complex derivatives, without relevant expertise within
the entity increases inherent risk. This may prompt the auditor to
question whether there is adequate management control, and may
affect the auditors risk assessment and the nature, extent and
timing of audit testing considered necessary; Availability of
timely and reliable management information. The control risk
associated with derivative activities may increase with greater
decentralization of those activities. This especially may be true
where an
8. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012183
AUDITING entity is based in different locations, some perhaps in
other countries. Derivative activities may be run on either a
centralized or a decentralized basis. Derivative activities and
related decision making depend heavily on the flow of accurate,
reliable, and timely management information. The difficulty of
collecting and aggregating such information increases with the
number of locations and businesses in which an entity is involved;
and Objectives for the use of derivatives. Derivative activities
range from those whose primary objective is to reduce or eliminate
risk (hedging) to those whose primary objective is to maximize
profits (speculating). All other things being equal, risk increases
as maximizing profits becomes the focus of derivative activity. The
auditor gains an understanding of the strategy behind the entitys
use of derivatives and identifies where the entitys derivative
activities lie on the hedging-speculating continuum. Key Financial
Risks 21. The auditor obtains an understanding of the principal
types of financial risk, related to derivative activities, to which
entities may be exposed. Those key financial risks are: (a) Market
risk, which relates broadly to economic losses due to adverse
changes in the fair value of the derivative. Related risks include:
Price risk, which relates to changes in the level of prices due to
changes in interest rates, foreign exchange rates, or other factors
related to market volatilities of the underlying rate, index, or
price. Price risk includes interest rate risk and foreign exchange
risk; Liquidity risk, which relates to changes in the ability to
sell or dispose of the derivative instrument. Derivative activities
bear the additional risk that a lack of available contracts or
counterparties may make it difficult to close out the derivative
transaction or enter into an offsetting contract. For example,
liquidity risk may increase if an entity encounters difficulties
obtaining the required security or commodity or other deliverable
should the derivative call for physical delivery, Economic losses
also may occur if the entity makes inappropriate trades based on
information obtained using poor valuation models, and Derivatives
used in hedging transactions bear additional risk, known as basis
risk. Basis is the difference between the price of the hedged item
and the price of the related hedging instrument.
9. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 184
Basis risk is the risk that the basis will change while the hedging
contract is open, and thus, the price correlation between the
hedged item and the hedging instrument will not be perfect. For
example, basis risk may be affected by a lack of liquidity in
either the hedged item, or the hedging instrument; (b) Credit risk,
which relates to the risk that a customer or counterparty will not
settle an obligation for full value, either when due or at any time
thereafter. For certain derivatives, market values are volatile, so
the credit risk exposure also is volatile. Generally, a derivative
has credit exposure only when the derivative has positive market
value. That value represents an obligation of the counterparty and,
therefore, an economic benefit that can be lost if the counterparty
fails to fulfill its obligation. Furthermore, the market value of a
derivative may fluctuate quickly, alternating between positive and
negative values. The potential for rapid changes in prices, coupled
with the structure of certain derivatives, also can affect credit
risk exposure. For example, highly leveraged derivatives or
derivatives with extended time periods can result in credit risk
exposure increasing quickly after a derivative transaction has been
undertaken. Many derivatives are traded under uniform rules through
an organized exchange (exchange-traded derivatives). Exchange
traded derivatives generally remove individual counterparty risk
and substitute the clearing organization as the settling
counterparty. Typically, the participants in an exchange-traded
derivative settle changes in the value of their positions daily,
which further mitigates credit risk. Other methods for minimizing
credit risk include requiring the counterparty to offer collateral,
or assigning a credit limit to each counterparty based on its
credit rating; (c) Settlement risk is the related risk that one
side of a transaction will be settled without value being received
from the customer or counterparty. One method for minimizing
settlement risk is to enter into a master netting agreement, which
allows the parties to set off all their related payable and
receivable positions at settlement; (d) Solvency risk, which
relates to the risk that the entity would not have the funds
available to honor cash outflow commitments as they fall due. For
example, an adverse price movement on a futures contract may result
in a margin call that the entity may not have the liquidity to
meet; and (e) Legal risk, which relates to losses resulting from a
legal or regulatory action that invalidates or otherwise precludes
performance by the end user or its counterparty under the terms of
the contract or related netting arrangements. For example, legal
risk could arise from insufficient documentation for the contract,
an inability to enforce a netting arrangement in bankruptcy,
adverse changes in tax laws, or statutes that prohibit entities
from investing in certain types of derivatives.
10. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012185
AUDITING Although other classifications of risk exist, they are
normally combinations of these principal risks. There is also a
further risk for commodities in that their quality may not meet
expectations. Assertions to Address 22. Financial statement
assertions are assertions by management, explicit or otherwise,
embodied in the financial statements prepared in accordance with
the applicable financial reporting framework. They can be
categorized as follows: Existence: An asset or liability exists at
a given date. For example, the derivatives reported in the
financial statements through measurement or disclosure exist at the
date of the balance sheet; Rights and obligations: An asset or a
liability pertains to the entity at a given date. For example, an
entity has the rights and obligations associated with the
derivatives reported in the financial statements; Occurrence: A
transaction or event took place that pertains to the entity during
the period. For example, the transaction that gave rise to the
derivative occurred within the financial reporting period;
Completeness: There are no unrecorded assets, liabilities,
transactions or events, or undisclosed items. For example, all of
the entitys derivatives are reported in the financial statements
through measurement or disclosure; Valuation: An asset or liability
is recorded at an appropriate carrying value. For example, the
values of the derivatives reported in the financial statements
through measurement or disclosure were determined in accordance
with the financial reporting framework; Measurement: A transaction
or event is recorded at the proper amount and revenue or expense is
allocated to the proper period. For example, the amounts associated
with the derivatives reported in the financial statements through
measurement or disclosure were determined in accordance with the
financial reporting framework, and the revenues or expenses
associated with the derivatives reported in the financial
statements were allocated to the correct financial reporting
periods; and Presentation and disclosure: An item is disclosed,
classified and described in accordance with the applicable
financial reporting framework. For example, the classification,
description and disclosure of derivatives in the financial
statements are in accordance with the financial reporting
framework.
11. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 186
Risk Assessment and Internal Control 23. Audit risk is the risk
that the auditor gives an inappropriate audit opinion when the
financial statements are materially misstated. Audit risk has three
components: inherent risk, control risk and detection risk. The
auditor considers knowledge obtained about the business and about
the key financial risks in assessing the components of audit risk.
24. ISA 400, Risk Assessments and Internal Control3 provides
guidance on the auditors consideration of audit risk and internal
control when planning and performing an audit of financial
statements in accordance with ISAs. The ISA requires that the
auditor use professional judgment to assess audit risk and to
design audit procedures to ensure that risk is reduced to an
acceptably low level. It also requires the auditor to obtain an
understanding of the accounting and internal control systems
sufficient to plan the audit and develop an effective audit
approach. Inherent Risk 25. Inherent risk is the susceptibility of
an account balance or class of transactions to misstatement that
could be material, individually or when aggregated with
misstatements in other balances or classes, assuming that there
were no related internal control. 26. ISA 4004 requires that, in
developing the overall audit plan, the auditor assess the inherent
risk at the financial statement level. ISA 400 requires the auditor
to relate that assessment to material account balances and classes
of transactions at the assertion level, or assume that inherent
risk is high for the assertion. 27. ISA 400 provides guidance to
the auditor in using professional judgment to evaluate numerous
factors that may affect the assessment of inherent risk. Examples
of factors that might affect the auditors assessment of the
inherent risk for assertions about derivatives include: Economics
and business purpose of the entitys derivative activities. The
auditor understands the nature of the entitys business and the
economics and business purpose of its derivative activities, all of
which may influence the entitys decision to buy, sell or hold
derivatives. Derivative activities range from positions where the
primary aim is to reduce or eliminate risk (hedging), to positions
where the primary aim is to maximize profits (speculating). The
inherent risks associated with risk management differ significantly
from those associated with speculative investing. 3 ISA 400, Risk
Assessments and Internal Control was withdrawn in December 2004
when ISA 315, Understanding the Entity and Its Environment and
Assessing the Risks of Material Misstatement, and ISA 330, The
Auditors Procedures in Response to Assessed Risks became effective.
4 See footnote 3.
12. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012187
AUDITING The complexity of a derivatives features. Generally, the
more complex a derivative, the more difficult it is to determine
its fair value. The fair values of certain derivatives, such as
exchange-traded options, are available from independent pricing
sources such as financial publications and broker-dealers not
affiliated with the entity. Determining fair value can be
particularly difficult, however, if a transaction has been
customized to meet individual user needs. When derivatives are not
traded regularly, or are traded only in markets without published
or quoted market prices, management may use a valuation model to
determine fair value. Valuation risk is the risk that the fair
value of the derivative is determined incorrectly. Model risk,
which is a component of valuation risk, exists whenever models (as
opposed to quoted market prices) are used to determine the fair
value of a derivative. Model risk is the risk associated with the
imperfections and subjectivity of these models and their related
assumptions. Both valuation risk and model risk contribute to the
inherent risk for the valuation assertion about those derivatives.
Whether the transaction giving rise to the derivative involved the
exchange of cash. Many derivatives do not involve an exchange of
cash at the inception of the transaction, or may involve contracts
that have irregular or end of term cash flows. There is an
increased risk that such contracts will not be identified, or will
be only partially identified and recorded in the financial
statements, increasing the inherent risk for the completeness
assertion about those derivatives. An entitys experience with the
derivative. Significant use of complex derivatives without relevant
expertise within the entity increases inherent risk. Relevant
expertise should reside with the personnel involved with the
entitys derivative activities, including those charged with
governance, those committing the entity to the derivative
transactions (hereinafter referred to as dealers), those involved
with risk control and the accounting and operations personnel
responsible for recording and settling the transactions. In
addition, management may be more likely to overlook infrequent
transactions for relevant accounting and disclosure issues. Whether
the derivative is an embedded feature of an agreement. Management
may be less likely to identify embedded derivatives, which
increases the inherent risk for the completeness assertion about
those derivatives. Whether external factors affect the assertion.
For example, the increase in credit risk associated with entities
operating in declining industries increases the inherent risk for
the valuation assertion about those derivatives. In addition,
significant changes in, or volatility of, interest
13. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 188
rates increase the inherent risk for the valuation of derivatives
whose value is significantly affected by interest rates. Whether
the derivative is traded on national exchanges or across borders.
Derivatives traded in cross-border exchanges may be subject to
increased inherent risk because of differing laws and regulations,
exchange rate risk, or differing economic conditions. These
conditions may contribute to the inherent risk for the rights and
obligations assertion or the valuation assertion. 28. Many
derivatives have the associated risk that a loss might exceed the
amount, if any, of the value of the derivative recognized on the
balance sheet (off-balance-sheet risk). For example, a sudden fall
in the market price of a commodity may force an entity to realize
losses to close a forward position in that commodity. In some
cases, the potential losses may be enough to cast significant doubt
on the entitys ability to continue as a going concern. ISA 570,
Going Concern establishes standards and provides guidance on the
auditors responsibility in the audit of financial statements with
respect to the going concern assumption used in the preparation of
the financial statements. The entity may perform sensitivity
analyses or value- at-risk analyses to assess the hypothetical
effects on derivative instruments subject to market risks. The
auditor may consider these analyses in evaluating managements
assessment of the entitys ability to continue as a going concern.
Accounting Considerations 29. An entitys accounting method affects
specific audit procedures and is, therefore, significant. The
accounting for derivatives may depend whether the derivative has
been classified as a hedging instrument, and if the hedging
relationship is a highly effective one. For example, IAS 39
requires the entity to recognize the changes in fair value of a
derivative instrument as net profit or loss in the current period.
If a derivative is part of a hedging relationship that meets
certain criteria, the hedging relationship qualifies for special
hedge accounting, which recognizes the offsetting effects of the
hedged item on net profit or loss. Because the derivatives and
hedged item are economically connected, it is appropriate to
recognize derivative gains or losses in the same accounting period
that the gains or losses on the hedged item are recognized. For
some transactions, changes in fair value will appear as a component
of current net profit or loss. For other transactions, changes in
fair value will appear currently in changes in equity, and
ultimately, when the final transactions occurs, in net profit or
loss. 30. Derivatives used as hedges are subject to the risk that
market conditions will change so that the hedge is no longer
effective and, thus, no longer meets the conditions of a hedging
relationship. For example, IAS 39 requires that periodic gains and
losses on a futures contract used to hedge the future purchase
of
14. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012189
AUDITING inventory be recognized as changes in stockholders equity,
with the cumulative gains or losses appearing in net profit or loss
in the same period(s) that the hedged forecasted transaction
affects net profit or loss. Any discrepancies between changes in
the spot price of the futures contract and the corollary changes in
the cost of the related inventory purchase would reduce the
effectiveness of the hedge. Discrepancies may be caused by
differing delivery sites for an inventory purchase and futures
contract used to hedge the inventory purchase. For example, the
cost of physical delivery may vary depending on site. Other
discrepancies may be caused by differing time parameters between
the execution of the hedged item and the hedging instrument, or
differing quality or quantity measures involving the hedged item
and those specified in the hedging instrument. IAS 39 requires the
ineffective portion of a change in the value of a hedging
instrument to be reported immediately in net profit or loss. If the
hedge is assessed and determined not to be highly effective, the
hedging relationship would no longer meet the criteria for hedge
accounting. Continued hedge accounting would exclude gains and
losses improperly from net profit or loss for the period. The
complexities of the accounting for derivatives increase the
inherent risk for the presentation and disclosure assertion about
those derivatives. Accounting System Considerations 31. ISA 4005
requires that the auditor obtain an understanding of the accounting
system. To achieve this understanding, the auditor obtains
knowledge of the design of the accounting system, changes to that
system and its operation. The extent of an entitys use of
derivatives and the relative complexity of the instruments are
important determinants of the necessary level of sophistication of
both the entitys information systems (including the accounting
system) and control procedures. 32. Certain instruments may require
a large number of accounting entries. Although the accounting
system used to post derivative transactions likely will need some
manual intervention, ideally, the accounting system is able to post
such entries accurately with minimal manual intervention. As the
sophistication of the derivative activities increases, so should
the sophistication of the accounting system. Because this is not
always the case, the auditor remains alert to the possible need to
modify the audit approach if the quality of the accounting system,
or aspects of it, appears weak. Control Environment 33. The control
environment influences the tone of an entity and the control
consciousness of its people. It is the foundation for all other
components of internal control, providing discipline and structure.
The control environment has 5 See footnote 3.
15. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 190 a
pervasive influence on the way business activities are structured,
objectives established and risks assessed. 34. ISA 4006 requires
the auditor to obtain an understanding of the control environment
sufficient to assess the attitudes of management and those charged
with governance, their awareness and actions regarding internal
control and its importance in the entity. 35. The auditor considers
managements overall attitude toward, and awareness of, derivative
activities as a part of obtaining an understanding of the control
environment, including any changes to it. It is the role of those
charged with governance to determine an appropriate attitude
towards the risks. It is managements role to monitor and manage the
entitys exposures to those risks. The auditor obtains an
understanding of how the control environment for derivatives
responds to managements assessment of risk. To effectively monitor
and manage its exposure to risk, an entity implements a structure
that: Is appropriate and consistent with the entitys attitude
toward risk as determined by those charged with governance;
Specifies the approval levels for the authorization of different
types of instruments and transactions that may be entered into and
for what purposes. The permitted instruments and approval levels
should reflect the expertise of those involved in derivative
activities; Sets appropriate limits for the maximum allowable
exposure to each type of risk (including approved counterparties).
Levels of allowable exposure may vary depending on the type of
risk, or counterparty; Provides for the independent and timely
monitoring of the financial risks and control procedures; and
Provides for the independent and timely reporting of exposures,
risks and the results of derivative activities in managing risk.
36. Management should establish suitable guidelines to ensure that
derivative activities fulfill the entitys needs. In setting
suitable guidelines, management should include clear rules on the
extent to which those responsible for derivative activities are
permitted to participate in the derivative markets. Once this has
been done, management can implement suitable systems to manage and
control those risks. Three elements of the control environment
deserve special mention for their potential effect on controls over
derivative activities: Direction from management or those charged
with governance. Management is responsible for providing direction,
through clearly stated policies, for the purchase, sale and holding
of derivatives. These policies should begin with management clearly
stating its objectives with 6 See footnote 3.
16. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012191
AUDITING regard to its risk management activities and an analysis
of the investment and hedging alternatives available to meet those
objectives. Policies and procedures should then be developed that
consider the: Level of the entitys management expertise;
Sophistication of the entitys internal control and monitoring
systems; Entitys asset/liability structure; Entitys capacity to
maintain liquidity and absorb losses of capital; Types of
derivative financial instruments that management believes will meet
its objectives; and Uses of derivative financial instruments that
management believes will meet its objectives, for example, whether
derivatives may be used for speculative purposes or hedging
purposes. An entitys policies for the purchase, sale and holding of
derivatives should be appropriate and consistent with its attitude
toward risk and the expertise of those involved in derivative
activities. Segregation of duties and the assignment of personnel.
Derivative activities may be categorized into three functions:
Committing the entity to the transaction (dealing); Initiating cash
payments and accepting cash receipts (settlements); and Recording
of all transactions correctly in the accounting records, including
the valuation of derivatives. Segregation of duties should exist
among these three functions. Where an entity is too small to
achieve proper segregation of duties, management should take a more
active role to monitor derivative activities. Some entities have
established a fourth function, risk control, which is responsible
for reporting on and monitoring derivative activities. Examples of
key responsibilities in this area may include: Setting and
monitoring risk management policy; Designing risk limit structures;
Developing disaster scenarios and subjecting open position
portfolios to sensitivity analysis, including reviews of unusual
movements in positions; and Reviewing and analyzing new derivative
instrument products.
17. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 192 In
entities that have not established a separate risk control
function, reporting on and monitoring derivative activities may be
a component of the accounting functions responsibility or
managements overall responsibility. Whether or not the general
control environment has been extended to those responsible for
derivative activities. An entity may have a control culture that is
generally focused on maintaining a high level of internal control.
Because of the complexity of some treasury or derivative
activities, this culture may not pervade the group responsible for
derivative activities. Alternatively, because of the risks
associated with derivative activities, management may enforce a
more strict control environment than it does elsewhere within the
entity. 37. Some entities may operate an incentive compensation
system for those involved in derivative transactions. In such
situations, the auditor considers the extent to which proper
guidelines, limits and controls have been established to ascertain
if the operation of that system could result in transactions that
are inconsistent with the overall objectives of the entitys risk
management strategy. 38. When an entity uses electronic commerce
for derivative transactions, it should address the security and
control considerations relevant to the use of an electronic
network. Control Objectives and Procedures 39. Internal controls
over derivative transactions should prevent or detect problems that
hinder an entity from achieving its objectives. These objectives
may be either operational, financial reporting, or compliance in
nature, and internal control is necessary to prevent or detect
problems in each area. 40. ISA 4007 requires the auditor to obtain
an understanding of the control procedures sufficient to plan the
audit. Effective control procedures over derivatives generally will
include adequate segregation of duties, risk management monitoring,
management oversight, and other policies and procedures designed to
ensure that the entitys control objectives are met. Those control
objectives include the following: Authorized execution. Derivative
transactions are executed in accordance with the entitys approved
policies. Complete and accurate information. Information relating
to derivatives, including fair value information, is recorded on a
timely basis, is complete and accurate when entered into the
accounting system, and has been properly classified, described and
disclosed. 7 See footnote 3.
18. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012193
AUDITING Prevention or detection of errors. Misstatements in the
processing of accounting information for derivatives are prevented
or detected in a timely manner. Ongoing monitoring. Activities
involving derivatives are monitored on an ongoing basis to
recognize and measure events affecting related financial statement
assertions. Valuation. Changes in the value of derivatives are
appropriately accounted for and disclosed to the right people from
both an operational and a control viewpoint. Valuation may be a
part of ongoing monitoring activities. In addition, for derivatives
designated as hedges, internal controls should assure that those
derivatives meet the criteria for hedge accounting, both at the
inception of the hedge, and on an ongoing basis. 41. As it relates
to the purchase, sale and holding of derivatives, the level of
sophistication of an entitys internal control will vary according
to: The complexity of the derivative and the related inherent
riskmore complex derivative activities will require more
sophisticated systems; The risk exposure of derivative transactions
in relation to the capital employed by the entity; and The volume
of transactionsentities that do not have a significant volume of
derivative transactions will require less sophisticated accounting
systems and internal control. 42. As the sophistication of
derivative activity increases, so should internal control. In some
instances, an entity will expand the types of financial activities
it enters into without making corresponding adjustments to its
internal control. 43. In larger entities, sophisticated computer
information systems generally keep track of derivative activities,
and to ensure that settlements occur when due. More complex
computer systems may generate automatic postings to clearing
accounts to monitor cash movements. Proper controls over processing
will help to ensure that derivative activities are correctly
reflected in the entitys records. Computer systems may be designed
to produce exception reports to alert management to situations
where derivatives have not been used within authorized limits or
where transactions undertaken were not within the limits
established for the chosen counterparties. Even a sophisticated
computer system may not ensure the completeness of derivative
transactions. 44. Derivatives, by their very nature, can involve
the transfer of sizable amounts of money both to and from the
entity. Often, these transfers take place at maturity. In many
instances, a bank is only provided with appropriate payment
instructions or receipt notifications. Some entities may use
electronic fund transfer systems. Such systems may involve complex
password and verification
19. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 194
controls, standard payment templates and cash pooling/sweeping
facilities. ISA 401, Auditing in a Computer Information Systems
Environment8 requires the auditor to consider how computer
information systems (CIS) environments affect the audit and to
obtain an understanding of the significance and complexity of the
CIS activities and the availability of data for use in the audit.
The auditor gains an understanding of the methods used to transfer
funds, along with their strengths and weaknesses, as this will
affect the risks the business is faced with and accordingly, the
audit risk assessment. 45. Regular reconciliations are an important
aspect of controlling derivative activities. Formal reconciliations
should be performed on a regular basis to ensure that the financial
records are properly controlled, all entries are promptly made and
the dealers have adequate and accurate position information before
formally committing the entity to a legally binding transaction.
Reconciliations should be properly documented and independently
reviewed. The following are some of the more significant types of
reconciliation procedures associated with derivative activities:
Reconciliation of dealers records to records used for the ongoing
monitoring process and the position or profit and loss shown in the
general ledger. Reconciliation of subsidiary ledgers, including
those maintained on computerized data bases, to the general ledger.
Reconciliation of all clearing and bank accounts and broker
statements to ensure all outstanding items are promptly identified
and cleared. Reconciliation of entitys accounting records to
records maintained by service organizations, where applicable. 46.
An entitys deal initiation records should clearly identify the
nature and purpose of individual transactions, and the rights and
obligations arising under each derivative contract. In addition to
the basic financial information, such as a notional amount, these
records should include: The identity of the dealer; The identity of
the person recording the transaction, if that person is not the
dealer; The date and time of the transaction; The nature and
purpose of the transaction, including whether or not it is intended
to hedge an underlying commercial exposure; and 8 ISA 401, Auditing
in a Computer Information Systems Environment was withdrawn in
December 2004 when ISA 315, Understanding the Entity and Its
Environment and Assessing the Risks of Material Misstatement, and
ISA330, TheAuditors Procedures in Response to Assessed Risks became
effective.
20. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012195
AUDITING Information on compliance with accounting requirements
related to hedging, if applicable, such as: Designation as a hedge,
including the type of hedge; Identification of the criteria used
for assessing effectiveness of the hedge; and Identification of the
hedged item in a hedging relationship. 47. Transaction records for
derivatives may be maintained in a database, register or subsidiary
ledger, which are then checked for accuracy with independent
confirmations received from the counterparties to the transactions.
Often, the transaction records will be used to provide accounting
information, including information for disclosures in the financial
statements, together with other information to manage risk, such as
exposure reports against policy limits. Therefore, it is essential
to have appropriate controls over input, processing and maintenance
of the transaction records, whether they are in a database, a
register or a subsidiary ledger. 48. The main control over the
completeness of the derivative transaction records is the
independent matching of counterparty confirmations against the
entitys own records. Counterparties should be asked to send the
confirmations back directly to employees of the entity that are
independent from the dealers, to guard against dealers suppressing
confirmations and hiding transactions, and all details should be
checked off against the entitys records. Employees independent of
the dealer should resolve any exceptions contained in the
confirmations, and fully investigate any confirmation that is not
received. The Role of Internal Auditing 49. As part of the
assessment of internal control, the auditor considers the role of
internal auditing. The knowledge and skills required to understand
and audit an entitys use of derivatives are generally quite
different from those needed in auditing other parts of the
business. The external auditor considers the extent to which the
internal audit function has the knowledge and skill to cover, and
has in fact covered, the entitys derivatives activities. 50. In
many entities, internal auditing forms an essential part of the
risk control function that enables senior management to review and
evaluate the control procedures covering the use of derivatives.
The work performed by internal auditing may assist the external
auditor in assessing the accounting systems and internal controls
and therefore control risk. Areas where the work performed by
internal auditing may be particularly relevant are: Developing a
general overview of the extent of derivative use; Reviewing the
appropriateness of policies and procedures and managements
compliance with them;
21. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 196
Reviewing the effectiveness of control procedures; Reviewing the
accounting systems used to process derivative transactions;
Reviewing systems relevant to derivative activities; Ensuring that
objectives for derivative management are fully understood across
the entity, particularly where there are operating divisions where
the risk exposures are most likely to arise; Assessing whether new
risks relating to derivatives, are being identified, assessed and
managed; Evaluating whether the accounting for derivatives is in
accordance with the financial reporting framework including, if
applicable, whether derivatives accounted for using hedge
accounting specified by the financial reporting framework meet the
conditions of a hedging relationship; and Conducting regular
reviews to: Provide management with assurance that derivative
activities are being properly controlled; and Ensure that new risks
and the use of derivatives to manage these risks are being
identified, assessed and managed. 51. Certain aspects of internal
auditing may be useful in determining the nature, timing and extent
of external audit procedures. When it appears that this might be
the case, the external auditor, during the course of planning the
audit, obtains a sufficient understanding of internal audit
activities and performs a preliminary assessment of the internal
audit function When the external auditor intends to use specific
internal audit work, the external auditor evaluates and tests that
work to confirm its adequacy for the external auditors purposes.
ISA 610, Considering the Work of Internal Auditing provides
guidance to the external auditor in considering the work of
internal auditing. Service Organizations 52. Entities may use
service organizations to initiate the purchase or sale of
derivatives or maintain records of derivative transactions for the
entity. 53. The use of service organizations may strengthen
controls over derivatives. For example, a service organizations
personnel may have more experience with derivatives than the
entitys management. The use of the service organization also may
allow for greater segregation of duties. On the other hand, the use
of a service organization may increase risk because it may have a
different control culture or process transactions at some distance
from the entity.
22. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012197
AUDITING 54. ISA 402 provides guidance to the auditor when the
entity being audited uses a service organization. ISA 402 requires
the auditor to consider, when planning the audit and developing an
effective audit approach, how using a service organization affects
the entitys accounting and internal control systems. ISA 402
provides further guidance in auditing entities using service
organizations. When applying ISA 402 to a service organization
engaged in derivative transactions, the auditor considers how a
service organization affects the entitys accounting and internal
control systems. 55. Because service organizations often act as
investment advisors, the auditor may consider risks associated with
service organizations when acting as investment advisors,
including: How their services are monitored; The procedures in
place to protect the integrity and confidentiality of the
information; Contingency arrangements; and Any related party issues
that may arise because the service organization can enter into its
own derivative transactions with the entity while, at the same
time, being a related party. Control Risk 56. Control risk is the
risk that an entitys accounting and internal control systems will
not prevent or detect and correct, on a timely basis, any
misstatements in an account balance or class of transactions that
could be material, individually or when aggregated with
misstatements in other balances or classes. 57. ISA 4009 requires
the auditor, after obtaining an understanding of the accounting and
internal control systems, to make a preliminary assessment of
control risk, at the assertion level, for each material account
balance or class of transactions. ISA 400 requires the preliminary
assessment of control risk for a financial statement assertion to
be high unless the auditor: (a) Is able to identify internal
controls relevant to the assertion that are likely to prevent or
detect and correct a material misstatement; and (b) Plans to
perform tests of control to support the assessment. 58. When
developing the audit approach, the auditor considers the
preliminary assessment of control risk (in conjunction with the
assessment of inherent risk) to determine the nature, timing and
extent of substantive procedures for the financial statement
assertions. 9 See footnote 3.
23. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 198 59.
Examples of considerations that might affect the auditors
assessment of control risk include: Whether policies and procedures
that govern derivative activities reflect managements objectives;
How management informs its personnel of controls; How management
captures information about derivatives; and How management assures
itself that controls over derivatives are operating as designed.
60. ISA 400 requires the auditor, before the conclusion of the
audit, and based on the results of substantive procedures and other
audit evidence obtained, to consider whether the assessment of
control risk is confirmed. 61. The assessment of control risk
depends on the auditors judgment as to the quality of the control
environment and the control procedures in place. In reaching a
decision on the nature, timing and extent of testing of controls,
the auditor considers factors such as: The importance of the
derivative activities to the entity; The nature, frequency and
volume of derivatives transactions; The potential effect of any
identified weaknesses in control procedures; The types of controls
being tested; The frequency of performance of these controls; and
The evidence of performance. Tests of Controls 62. Where the
assessment of control risk is less than high, the auditor performs
tests of controls to obtain evidence as to whether or not the
preliminary assessment of control risk is supported.
Notwithstanding the auditors assessment of control risk, it may be
that the entity undertakes only a limited number of derivative
transactions, or that the magnitude of these instruments is
especially significant to the entity as a whole. In such instances,
a substantive approach, sometimes in combination with tests of
control, may be more appropriate. 63. The population from which
items are selected for detailed testing is not limited to the
accounting records. Tested items may be drawn from other sources,
for example counterparty confirmations and trader tickets, so that
the possibility of overlooking transactions in the recording
procedure can be tested. 64. Tests of controls are performed to
obtain audit evidence about the effectiveness of the: (a) design of
the accounting and internal control systems, that is, whether they
are suitably designed to prevent or detect and correct
material
24. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012199
AUDITING misstatements and (b) operation of the internal controls
throughout the period. Key procedures may include evaluating, for a
suitably sized sample of transactions, whether: Derivatives have
been used in accordance with the agreed policies, guidelines and
within authority limits; Appropriate decision-making processes have
been applied and the reasons behind entering into selected
transactions are clearly understandable; The transactions
undertaken were within the policies for derivative transactions,
including terms and limits and transactions with foreign or related
parties; The transactions were undertaken with counterparties with
appropriate credit risk; Derivatives are subject to appropriate
timely measurement, and reporting of risk exposure, independent of
the dealer; Counterparty confirmations have been sent; Incoming
confirmations from counterparties have been properly matched and
reconciled; Early termination and extension of derivatives are
subject to the same controls as new derivative transactions;
Designations, including any subsequent changes in designations, as
hedging or speculative transactions, are properly authorized;
Transactions have been properly recorded and are entered completely
and accurately in the accounting records, and correctly processed
in any subsidiary ledger through to the financial statements; and
Adequate security has been maintained over passwords necessary for
electronic fund transfers. 65. Examples of tests of controls to
consider include: Reading minutes of meetings of those charged with
governance of the entity (or, where the entity has established one,
the Asset/Liability Risk Management Committee or similar group) for
evidence of that bodys periodic review of derivative activities,
adherence to established policies, and periodic review of hedging
effectiveness; and Comparing derivative transactions, including
those that have been settled to the entitys policies to determine
whether the entity is following those policies. For example, the
auditor might:
25. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 200
Test that transactions have been executed in accordance with
authorizations specified in the entitys policy; Test that any
pre-acquisition sensitivity analysis dictated by the investment
policy is being performed; Test transactions to determine whether
the entity obtained required approvals for the transactions and
used only authorized brokers or counterparties; Inquire of
management about whether derivatives and related transactions are
being monitored and reported upon on a timely basis and read any
supporting documentation; Test recorded purchases of derivatives,
including their classification and prices, and the entries used to
record related amounts; Test the reconciliation process. The
auditor might test whether reconciling differences are investigated
and resolved on a timely basis, and whether the reconciliations are
reviewed and approved by supervisory personnel. For example,
organizations that have a large number of derivative transactions
may require reconciliation and review on a daily basis; Test the
controls for unrecorded transactions. The auditor might examine the
entitys third-party confirmations and the resolution of any
exceptions contained in the confirmations; and Test the controls
over the adequate security and back-up of data to ensure adequate
recovery in case of disaster. In addition, the auditor may consider
the procedures the entity adopts for annual testing and maintenance
of the computerized records site. Substantive Procedures 66. ISA
40010 requires the auditor to consider the assessed levels of
inherent and control risk in determining the nature, timing and
extent of substantive procedures required to reduce audit risk to
an acceptably low level. The higher the assessment of inherent and
control risk, the more audit evidence the auditor obtains from the
performance of substantive procedures. 67. The assessed levels of
inherent and control risk cannot be sufficiently low to eliminate
the need for the auditor to perform any substantive procedures. The
auditor performs some substantive procedures for material account
balances and classes of transactions. Nevertheless, the auditor may
not be able to obtain sufficient appropriate audit evidence to
reduce detection risk, 10 See footnote 3.
26. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012201
AUDITING and therefore reduce audit risk to an acceptably low level
by performing substantive tests alone. If the auditor is unable to
reduce audit risk to an acceptably low level, ISA 700, The Auditors
Report on Financial Statements11 requires the auditor to qualify or
disclaim an opinion. Furthermore, ISA 400 requires the auditor to
make management aware, as soon as practical and at an appropriate
level of responsibility, of material weaknesses in the design or
operation of the accounting and internal control systems that have
come to the auditors attention. Materiality 68. ISA 320, Audit
Materiality states that the auditor considers materiality at both
the overall financial statement level and in relation to individual
account balances, classes of transactions and disclosures. The
auditors judgment may include assessments of what constitutes
materiality for significant captions in the balance sheet, income
statement, and statement of cash flows both individually, and for
the financial statements as a whole. 69. ISA 320 requires the
auditor to consider materiality when determining the nature, timing
and extent of audit procedures. While planning the audit,
materiality may be difficult to assess in relation to derivative
transactions, particularly given some of their characteristics.
Materiality cannot be based on balance sheet values alone, as
derivatives may have little effect on the balance sheet, even
though significant risks may arise from them. When assessing
materiality, the auditor also may consider the potential effect on
the account balance or class of transactions on the financial
statements. A highly leveraged, or a more complex, derivative may
be more likely to have a significant effect on the financial
statements than a less highly leveraged or simpler derivative
might. Greater potential for effect on the financial statements
also exists when the exposure limits for entering into derivative
transactions are high. Types of Substantive Procedures 70.
Substantive audit procedures are performed to obtain audit evidence
to detect material misstatements in the financial statements, and
are of two types: (a) tests of details of transactions and
balances; and (b) analytical procedures. 71. In designing
substantive tests, the auditor considers: Appropriateness of
accounting. A primary audit objective often addressed through
substantive procedures is determining the appropriateness of an
entitys accounting for derivatives. 11 ISA 700, The Auditors Report
on Financial Statements was withdrawn in December 2006 when ISA
700, The Independent Auditors Report on a Complete Set of General
Purpose Financial Statements became effective.
27. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 202
Involvement of an outside organization. When planning the
substantive procedures for derivatives, the auditor considers
whether another organization holds, services or both holds and
services the entitys derivatives. Interim audit procedures. When
performing substantive procedures before the balance sheet date,
the auditor considers market movement in the period between the
interim testing date and year-end. The value of some derivatives
can fluctuate greatly in a relatively short period. As the amount,
relative significance, or composition of an account balance becomes
less predictable, the value of testing at an interim date becomes
less valuable. Routine vs. non-routine transactions. Many financial
transactions are negotiated contracts between an entity and its
counterparty. To the extent that derivative transactions are not
routine and outside an entitys normal activities, a substantive
audit approach may be the most effective means of achieving the
planned audit objectives. Procedures performed in other audit
areas. Procedures performed in other financial statement areas may
provide evidence about the completeness of derivative transactions.
These procedures may include tests of subsequent cash receipts and
payments, and the search for unrecorded liabilities. Analytical
Procedures 72. ISA 520, Analytical Procedures requires the auditor
to apply analytical procedures at the planning and overall review
stages of the audit. Analytical procedures also may be applied at
other stages of the audit. Analytical procedures as a substantive
procedure in the audit of derivative activities may give
information about an entitys business but, by themselves, are
generally unlikely to provide sufficient evidence with respect to
assertions related to derivatives. The complex interplay of the
factors from which the values of these instruments are derived
often masks any unusual trends that might arise. 73. Some personnel
responsible for derivative activities compile detailed analytical
reviews of the results of all derivatives activity. They are able
to capture the effect of derivatives trading volumes and market
price movements on the financial results of the entity and compile
such an analysis because of their detailed day-to-day involvement
in the activities. Similarly, some entities may use analytical
techniques in their reporting and monitoring activities. Where such
analysis is available, the auditor may use it to further understand
the entitys derivative activity. In doing so, the auditor seeks
satisfaction that the information is reliable and has been
correctly extracted from the underlying accounting records by
persons sufficiently objective to be confident that the
28. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012203
AUDITING information fairly reflects the entitys operations. When
appropriate, the auditor may use computer software for facilitating
analytical procedures. 74. Analytical procedures may be useful in
evaluating certain risk management policies over derivatives, for
example, credit limits. Analytical procedures also may be useful in
evaluating the effectiveness of hedging activities. For example, if
an entity uses derivatives in a hedging strategy, and large gains
or losses are noted as a result of analytical procedures, the
effectiveness of the hedge may become questionable and accounting
for the transaction as a hedge may not be appropriate. 75. Where no
such analysis is compiled and the auditor wants to do one, the
effectiveness of the analytical review often depends upon the
degree to which management can provide detailed and disaggregated
information about the activities undertaken. Where such information
is available, the auditor may be able to undertake a useful
analytical review. If the information is not available, analytical
procedures will be effective only as a means of identifying
financial trends and relationships in simple, low volume
environments. This is because, as volume and complexity of
operations increase, unless detailed information is available, the
factors affecting revenues and costs are such that meaningful
analysis by the auditor often proves difficult, and the value of
analytical procedures as an audit tool decreases. In such
situations, analytical procedures are not likely to identify
inappropriate accounting treatments. Evaluating Audit Evidence 76.
Evaluating audit evidence for assertions about derivatives requires
considerable judgment because the assertions, especially those
about valuation, are based on highly subjective assumptions or are
particularly sensitive to changes in the underlying assumptions.
For example, valuation assertions may be based on assumptions about
the occurrence of future events for which expectations are
difficult to develop or about conditions expected to exist a long
time. Accordingly, competent persons could reach different
conclusions about estimates of fair values or estimates of ranges
of fair values. Considerable judgment also may be required in
evaluating audit evidence for assertions based on features of the
derivative and applicable accounting principles, including
underlying criteria, that are both extremely complex. ISA 540,
Audit of Accounting Estimates provides guidance to the auditor on
obtaining and evaluating sufficient competent audit evidence to
support significant accounting estimates. ISA 620 provides guidance
on the use of the work of an expert in performing substantive
tests.
29. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 204
Substantive Procedures Related to Assertions Existence and
Occurrence 77. Substantive tests for existence and occurrence
assertions about derivatives may include: Confirmation with the
holder of or the counterparty to the derivative; Inspecting the
underlying agreements and other forms of supporting documentation,
including confirmations received by an entity, in paper or
electronic form, for amounts reported; Inspecting supporting
documentation for subsequent realization or settlement after the
end of the reporting period; and Inquiry and observation. Rights
and Obligations 78. Substantive tests for rights and obligations
assertions about derivatives may include: Confirming significant
terms with the holder of, or counterparty to, the derivative; and
Inspecting underlying agreements and other forms of supporting
documentation, in paper or electronic form. Completeness 79.
Substantive tests for completeness assertions about derivatives may
include: Asking the holder of or counterparty to the derivative to
provide details of all derivatives and transactions with the
entity. In sending confirmation requests, the auditor determines
which part of the counterpartys organization is responding, and
whether the respondent is responding on behalf of all aspects of
its operations; Sending zero-balance confirmations to potential
holders or counterparties to derivatives to test the completeness
of derivatives recorded in the financial records; Reviewing brokers
statements for the existence of derivative transactions and
positions held; Reviewing counterparty confirmations received but
not matched to transaction records; Reviewing unresolved
reconciliation items; Inspecting agreements, such as loan or equity
agreements or sales contracts, for embedded derivatives (the
accounting treatment of such
30. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012205
AUDITING embedded derivatives may differ among financial reporting
frameworks); Inspecting documentation for activity subsequent to
the end of the reporting period; Inquiry and observation; and
Reading other information, such as minutes of those charged with
governance, and related papers and reports on derivative activities
received by the governance body. Valuation and Measurement 80.
Tests of valuation assertions are designed according to the
valuation method used for the measurement or disclosure. The
financial reporting framework may require that a financial
instrument be valued based on cost, the amount due under a
contract, or fair value. It also may require disclosures about the
value of a derivative and specify that impairment losses be
recognized in net profit or loss before their realization.
Substantive procedures to obtain evidence about the valuation of
derivative financial instruments may include: Inspecting of
documentation of the purchase price; Confirming with the holder of
or counterparty to the derivative; Reviewing the creditworthiness
of counterparties to the derivative transaction; and Obtaining
evidence corroborating the fair value of derivatives measured or
disclosed at fair value. 81. The auditor obtains evidence
corroborating the fair value of derivatives measured or disclosed
at fair value. The method for determining fair value may vary
depending on the industry in which the entity operates, including
any specific financial reporting framework that may be in effect
for that industry, or the nature of the entity. Such differences
may relate to the consideration of price quotations from inactive
markets and significant liquidity discounts, control premiums, and
commissions and other costs that would be incurred when disposing
of a derivative. The method for determining fair value also may
vary depending on the type of asset or liability. ISA 540 provides
guidance on the audit of accounting estimates contained in
financial statements. 82. Quoted market prices for certain
derivatives that are listed on exchanges or over-the-counter
markets are available from sources such as financial publications,
the exchanges or pricing services based on sources such as these.
Quoted market prices for other derivatives may be obtained from
broker-dealers who are market makers in those instruments. If
quoted market prices are not available for a derivative, estimates
of fair value may be obtained from third-
31. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 206
party sources based on proprietary models or from an entitys
internally developed or acquired models. If information about the
fair value is provided by a counterparty to the derivative, the
auditor considers whether such information is objective. In some
instances, it may be necessary to obtain fair value estimates from
additional independent sources. 83. Quoted market prices obtained
from publications or from exchanges are generally considered to
provide sufficient evidence of the value of derivative financial
instruments. Nevertheless, using a price quote to test valuation
assertions may require a special understanding of the circumstances
in which the quote was developed. For example, quotations provided
by the counterparty to an option to enter into a derivative
financial instrument may not be based on recent trades and may be
only an indication of interest. In some situations, the auditor may
determine that it is necessary to obtain fair value estimates from
broker-dealers or other third-party sources. The auditor also may
determine that it is necessary to obtain estimates from more than
one pricing source. This may be appropriate if the pricing source
has a relationship with an entity that might impair its
objectivity. 84. It is managements responsibility to estimate the
value of the derivative instrument. If an entity values the
derivative using a valuation model, the auditor does not function
as an appraiser and the auditors judgment is not substituted for
that of the entitys management. The auditor may test asser- tions
about the fair value determined using a model by procedures such
as: Assessing the reasonableness and appropriateness of the model.
The auditor determines whether the market variables and assumptions
used are reasonable and appropriately supported. Furthermore, the
auditor assesses whether market variables and assumptions are used
consistently, and whether new conditions justify a change in the
market variables or assumptions used. The evaluation of the
appropriateness of valuation models and each of the variables and
assumptions used in the models may require considerable judgment
and knowledge of valuation techniques, market factors that affect
value, and market conditions, particularly in relation to similar
financial instruments. Accordingly, the auditor may consider it
necessary to involve a specialist in assessing the model.
Calculating the value, for example, using a model developed by the
auditor or by a specialist engaged by the auditor. The
re-performance of valuations using the auditors own models and data
enables the auditor to develop an independent expectation to use in
corroborating the reasonableness of the value calculated by the
entity. Comparing the fair value with recent transactions.
Considering the sensitivity of the valuation to changes in the
variables and assumptions, including market conditions that may
affect the value.
32. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012207
AUDITING Inspecting supporting documentation for subsequent
realization or settlement of the derivative transaction after the
end of the reporting period to obtain further evidence about its
valuation at the balance sheet date. 85. Some financial reporting
frameworks, for example IAS 39, presume that fair value can be
reliably determined for most financial assets, including
derivatives. That presumption can be overcome for an investment in
an equity instrument (including an investment that is in substance
an equity instrument) that does not have a quoted market price in
an active market and for which other methods of reasonably
estimating fair value are clearly inappropriate or unworkable. The
presumption can also be overcome for a derivative that is linked to
and that must be settled by delivery of such an unquoted equity
instrument. Derivatives, for which the presumption that the fair
value of the derivative can be reliably determined has been
overcome, and that have a fixed maturity, are measured at amortized
cost using the effective interest rate method. Those that do not
have a fixed maturity are measured at cost. 86. The auditor gathers
audit evidence to determine whether the presumption that the fair
value of the derivative can be reliably determined has been
overcome, and whether the derivative is properly accounted for
under the financial reporting framework. If management cannot
support that it has overcome the presumption that the fair value of
the derivative can be reliably determined, ISA 70012 requires that
the auditor express a qualified opinion or an adverse opinion. If
the auditor is unable to obtain sufficient audit evidence to
determine whether the presumption has been overcome, there is a
limitation on the scope of the auditors work. In this case, ISA 700
requires that the auditor express a qualified opinion or a
disclaimer of opinion. Presentation and Disclosure 87. Management
is responsible for preparing and presenting the financial
statements in accordance with the financial reporting framework,
including fairly and completely presenting and disclosing the
results of derivative transactions and relevant accounting
policies. 88. The auditor assesses whether the presentation and
disclosure of derivatives is in conformity with the financial
reporting framework. The auditors conclusion as to whether
derivatives are presented in conformity with the financial
reporting framework is based on the auditors judgment as to
whether: The accounting principles selected and applied are in
conformity with the financial reporting framework; The accounting
principles are appropriate in the circumstances; 12 See footnote
11.
33. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 208 The
financial statements, including the related notes, provide
information on matters that may affect their use, understanding,
and interpretation; Disclosure is adequate to ensure that the
entity is in full compliance with the current disclosure
requirements of the financial reporting framework under which the
financial statements are being reported, for example, IAS 39; The
information presented in the financial statements is classified and
summarized in a reasonable manner, that is, neither too detailed
nor too condensed; and The financial statements reflect the
underlying transactions and events in a manner that presents the
financial position, results of operations, and cash flows stated
within a range of acceptable limits, that is, limits that are
reasonable and practicable to attain in financial statements. 89.
The financial reporting framework may prescribe presentation and
disclosure requirements for derivative instruments. For example,
some financial reporting frameworks may require users of derivative
financial instruments to provide extensive disclosure of the market
risk management policies, market risk measurement methodologies and
market price information. Other frameworks may not require
disclosure of this information as part of the financial statements,
but encourage entities to disclose such information outside of the
financial statements. ISA 720, Other Information in Documents
Containing Audited Financial Statements provides guidance on the
consideration of other information, on which the auditor has no
obligation to report, in documents containing audited financial
statements. Additional Considerations About Hedging Activities 90.
To account for a derivative transaction as a hedge, some financial
reporting frameworks, for example, IAS 39, require that management,
at the inception of the transaction, designate the derivative
instrument as a hedge and contemporaneously formally document: (a)
the hedging relationship, (b) the entitys risk management objective
and strategy for undertaking the hedge, and (c) how the entity will
assess the hedging instruments effectiveness in offsetting the
exposure to changes in the hedged items fair value or the hedged
transactions cash flow that is attributable to the hedged risk. IAS
39 also requires that management have an expectation that the hedge
will be highly effective in achieving offsetting changes in fair
value or cash flows attributable to the hedged risk, consistent
with the originally documented risk management strategy for that
particular hedging relationship. 91. The auditor gathers audit
evidence to determine whether management complied with the
applicable hedge accounting requirements of the financial
reporting
34. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012209
AUDITING framework, including designation and documentation
requirements. In addition, the auditor gathers audit evidence to
support managements expectation, both at the inception of the hedge
transaction, and on an ongoing basis, that the hedging relationship
will be highly effective. If management has not prepared the
documentation required by the financial reporting framework, the
financial statements may not be in conformity with the applicable
financial reporting framework, and ISA 70013 would require the
auditor to express a qualified opinion or an adverse opinion.
Regardless of the financial reporting framework, the auditor is
required to obtain sufficient appropriate audit evidence.
Therefore, the auditor may obtain documentation prepared by the
entity that may be similar to that described in paragraph 90, and
may consider obtaining management representations regarding the
entitys use and effectiveness of hedge accounting. The nature and
extent of the documentation prepared by the entity will vary
depending on the nature of the hedged items and the hedging
instruments. If sufficient audit evidence to support managements
use of hedge accounting is not available, the auditor may have a
scope limitation, and may be required by ISA 700 to issue a
qualified or disclaimer of opinion. Management Representations 92.
ISA 580, Management Representations requires the auditor to obtain
appropriate representations from management, including written
representations on matters material to the financial statements
when other sufficient appropriate audit evidence cannot reasonably
be expected to exist. Although management representation letters
ordinarily are signed by personnel with primary responsibility for
the entity and its financial aspects (ordinarily the senior
executive officer and the senior financial officer), the auditor
may wish to obtain representations about derivative activities from
those responsible for derivative activities within the entity.
Depending on the volume and complexity of derivative activities,
management representations about derivative financial instruments
may include representations about: Managements objectives with
respect to derivative financial instruments, for example, whether
derivatives are used for hedging or speculative purposes; The
financial statement assertions concerning derivative financial
instruments, for example: The records reflect all derivative
transactions; All embedded derivative instruments have been
identified; The assumptions and methodologies used in the
derivative valuation models are reasonable; 13 See footnote
11.
35. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 210
Whether all transactions have been conducted at arms length and at
fair market value; The terms of derivative transactions; Whether
there are any side agreements associated with any derivative
instruments; Whether the entity has entered into any written
options; and Whether the entity complies with the documentation
requirements of the financial reporting framework for derivatives
that are conditions precedent to specified hedge accounting
treatments. 93. Sometimes, with respect to certain aspects of
derivatives, management representations may be the only audit
evidence that reasonably can be expected to be available; however,
ISA 580 states that representations from management cannot be a
substitute for other audit evidence that the auditors also expects
to be available. If the audit evidence the auditor expects to be
available cannot be obtained, this may constitute a limitation on
the scope of the audit and the auditor considers the implications
for the auditors report. In this case, ISA 70014 requires that the
auditor express a qualified opinion or a disclaimer of opinion.
Communications with Management and Those Charged with Governance
94. As a result of obtaining an understanding of an entitys
accounting and internal control systems and, if applicable, tests
of controls, the auditor may become aware of matters to be
communicated to management or those charged with governance. ISA
40015 requires that the auditor make management aware, as soon as
practical and at an appropriate level of responsibility, of
mate